Experts count staggering costs incurred by UK retail amid cyberattack hell

Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million). The organization – which launched earlier this year and introduced standardized grading of cyberattacks – gave the criminals' …

  1. elsergiovolador Silver badge

    Rate my breach

    The Cyber Monitoring Centre isn’t about prevention - it’s about formalising failure.

    It doesn’t enforce investment, improve resilience, or hold anyone accountable. It just gives disasters a neat classification so insurers and execs can do risk maths on a spreadsheet.

    Because let’s be honest: most corporations have already done their cost-benefit analysis.

    Pay local talent properly and invest in robust systems? Too expensive.

    Outsource everything, gamble on thin defences, and when it all burns down - shrug, file a report, and pass the cost to customers.

    It’s not a strategy, it’s managed neglect.

    Imagine if construction firms skimped on concrete, and instead of enforcing safety, we built a “Building Collapse Monitoring Centre” to grade the rubble.

    That’s where we are.

    1. ecofeco Silver badge

      Re: Rate my breach

      Who has to imagine construction companies cutting corners and ending in disaster? :) Plenty of examples already exist. Contemporary ones at that.

      The problem is indeed about managed neglect and it's found across all industries. And I wouldn't even say it's managed, just neglected and perfectly acceptable due to lobbying and backhanders and lots of quid pro quo.

    2. StewartWhite Bronze badge

      Re: Rate my breach

      'Imagine if construction firms skimped on concrete, and instead of enforcing safety, we built a “Building Collapse Monitoring Centre” to grade the rubble.'

      They already have - witness the RAAC scandal in schools and hospitals.

      1. elsergiovolador Silver badge

        Re: Rate my breach

        Looks like it's becoming a very British tradition:

        “What are you looking at?”

        “Oh, just another catastrophic failure.”

        “Thinking of how to fix it?”

        “No, just figuring out how to rate it.”

        "Nice sarcasm."

        "What?"

        "Surely you are not going to just rate? Sorry to be this guy."

        "No, this is exactly what I am doing!"

        "Oh, sarcasm again? Nice one."

        "For umpteenth time! I am going to assign a rating to it!"

        "Why?"

        "To see how it compares to other catastrophic failures."

        "And?"

        "What do you mean, and? I'll keep calm and carry on."

      2. navarac Silver badge

        Re: Rate my breach

        Grenfell Tower comes to mind - RIP.

    3. Blazde Silver badge

      Re: Rate my breach

      managed neglect

      This is the sad reality of the British bricks n' mortar retail space, with its twin ball and chain of long-term leases on once prime real estate that now suffers unfair business rates and effectively shuts them out of the efficient online-only business model, and the cultural legacy of defined benefit pension scheme obligations. Ultimately the neglect is a central government decision.

      Maybe I'll eat my words one day but it's hard to imagine Amazon online sales being 'down until July'. It's not too expensive for them to invest in robust systems.

      1. elsergiovolador Silver badge

        Re: Rate my breach

        that now suffers unfair business rates and effectively shuts them out of the efficient online-only business model,

        I don’t want to nitpick, but even online-only operations face business rates - their warehouses and offices are often far larger and more expensive than a single high street shop. And yes, they have long-term leases too.

        The notion that e-commerce avoids these burdens is a convenient myth.

        1. I am the liquor Silver badge

          Re: Rate my breach

          The e-commerce firms don't avoid them entirely, they just pay a lot less. Business rates are based on the rental value of property, so a business based on warehouses in the middle of nowhere is bound to have an easier ride than one based on high street shops.

          https://www.bbc.co.uk/news/business-55971003

          1. elsergiovolador Silver badge

            Re: Rate my breach

            That logic breaks down the moment you stop thinking every business is Amazon. Most SMEs aren’t running regional warehouse networks in the middle of nowhere - they’re renting space near where they live, often in mixed-use areas, or clinging to high street units now hollowed out by falling footfall. Many run hybrid setups: shopfront for visibility, backroom for fulfilment.

            And even if some out-of-town space is marginally cheaper, that “easier ride” doesn’t materialise for SMEs.

            Why? Because everything else is harder. No bulk shipping discounts, no infrastructure grants, no dedicated tax teams, no favourable treatment from regulators. Just the same business rates system designed for megacorps, with none of the perks.

            Saying they have it easier because the postcode is cheaper is like claiming a market stall has an advantage over Tesco because the rent’s lower - it ignores every structural force at play.

            1. Blazde Silver badge

              Re: Rate my breach

              even online-only operations face business rates - their warehouses and offices are often far larger and more expensive than a single high street shop

              C'mon, if they're far larger it's because they're doing far more business. If you're just starting out you can very flexibly rent a tiny bit of office space in a business park (next door to storage units for stock overflow, and with the big shipping companies doing hassle free twice-daily pick-ups), and then scale as necessary. If you're doing high street you have to invest heavily in physical decor up-front and that means you can't feasibly move to bigger space 2 months later if you do well, and good luck getting a monthly lease anyway.

              That logic breaks down the moment you stop thinking every business is Amazon

              They are quite a huge chunk of the competition for online in general.

              But two bricks n mortar sectors that have fared relatively well are clothing/fashion and groceries, and that's what we have here (M&S, Co-op). Amazon don't do those things well, but there's still a lot of competition from other online giants.

              How much in business rates do you think Depop pays (2 offices in the UK, 400 employees worldwide) or its parent Etsy (only ~2500 employees to house, ~$300mil net income)? Or 24-year old Callum Massey who made £250,000 selling unwanted clothes on Depop and kept all stock in his garage ( https://www.birminghammail.co.uk/black-country/i-started-selling-unwanted-clothes-27119413 )? Or Deliveroo and their 'dark kitchens' built in portacabins tucked away in cheap undesirable areas? (How many of those dark kitchens are even paying business rates at all, or is it a tax-evader's dream like Airbnb or Ebay?)

              Of course the business models are totally different so to an extent we're comparing apples to oranges, nevertheless I'd argue an expensive high street location is in large part marketing for bricks and mortar retailers. You rely on people walking or driving past and noticing you, and shops where that traffic is high have high rents. So these businesses are paying very high business rates on their marketing spend.

              In the online world your marketing spend is a more straight-forward cost line, only some of it will incur VAT at a much lower rate than business rates, and which (hopefully) is fully offset by VAT on your sales.

              I'm not saying one business model is easier or harder. I'm saying the situation is unfair in a way that harms the free market.

              (Not that economic logic matters one bit when it comes to the fraught task for politicians of tweaking tax, particularly across the central government/local government divide)

              1. elsergiovolador Silver badge

                Re: Rate my breach

                You're missing the point.

                Most small businesses - online or not - don’t operate from garages or dark kitchens. They rent real premises and pay full business rates. There’s no exemption just because they ship parcels instead of selling over a counter.

                Big players like Amazon get scale discounts, bespoke tax structures, and lobbying access. SMEs don’t. They face the same rating system without any of the advantages.

                1. I am the liquor Silver badge

                  Re: Rate my breach

                  Exemption? Perhaps you misread Blazde's original post. There was never any claim that anyone is exempt from business rates. The actual point was the unfairness of a system that ties business taxes to property rental values. If you're selling over a counter, you need to put that counter where the customers are, and that's where rents and therefore business rates are highest. If you're shipping parcels, you're free to go where the rent is cheaper, so you'll get lower business rates. Undeniably, the system gives a disadvantage to business models that involve selling face-to-face in a high street shop.

                  1. elsergiovolador Silver badge

                    Re: Rate my breach

                    You're framing this like physical retail is forced into expensive locations while online sellers float freely in some rent-free utopia. That’s a fantasy.

                    Most online SMEs aren’t shipping from vast warehouses in rural areas - they’re operating from whatever unit they can afford near where they live, often at the same or higher rateable values per square metre than dying high street shops. The reality is: location flexibility is a myth unless you have scale, capital, and logistics muscle - which most don’t.

                    And let’s not pretend high street presence is some magical magnet for footfall anymore. Consumer habits have shifted. People aren’t browsing shops - they’re scrolling. The real disadvantage isn’t rates - it’s that the traditional retail model is outdated, and governments failed to help small sellers transition.

                2. Blazde Silver badge

                  Re: Rate my breach

                  I think you're missing the point. Business rates are based on notional rent for the property. A high-street facing unit or a snazzy retail park just off a busy bypass cost an awful lot more per square metre to rent than an obscure ugly warehouse in a crammed business park you wouldn't know existed unless forced to go there. In addition to that you require less space to perform storage and fulfillment than you do to perform physical display and customer service on premises. There's no debate about that.

                  I don't know why you're going on about SMEs, M&S and Co-op are both big players. The small businesses who do either online or offline with some online all outsource their online infrastructure and security anyway, no?

                  1. elsergiovolador Silver badge

                    Re: Rate my breach

                    Sure, rateable value reflects rental cost - but most small businesses aren’t choosing between Mayfair shopfronts and secret warehouses. They’re picking from whatever semi-affordable space exists within reach of their lives, customers, or supply chains. And whether that’s a high street unit or a dingy lock-up, the rates system doesn’t ask how you trade - just where you are. Parcel or counter, you're still taxed like a square metre is a square metre.

                    As for “less space” - not always true. Fulfilment needs packing benches, racking, safe storage, pickup access. Often more functional space than a boutique. The real edge isn’t in the floorplan - it’s in scale and infrastructure, which SMEs lack entirely.

                    And no - small businesses don’t all outsource infrastructure and security. Most stitch it together themselves, often badly, because they can’t afford enterprise solutions. M&S and Co-op have teams. Sean in his commercial unit doesn’t. That’s the gap - not just rent.

                    1. Blazde Silver badge

                      Re: Rate my breach

                      Well whatever, you started by saying you were nitpicking so I accept you have some points to share, but I suspect we agree business rates are an excessive tax that unfairly targets certain businesses significantly more than others, online or not, and that's a problem.

                      I think small online businesses *should* outsource infrastructure and security because those services scale well, and so we're presumably moving to a world where they do. However while I was thinking about that I couldn't really think of a reason other than pride that M&S couldn't solve their issues by outsourcing to some company that knows what they're doing too.

      2. Brewster's Angle Grinder Silver badge

        Re: Rate my breach

        "...long-term leases on once prime real estate..."

        In many cases they originally owned this real estate and then decided to sell it off and lease it back.

    4. MachDiamond Silver badge

      Re: Rate my breach

      "Imagine if construction firms skimped on concrete, and instead of enforcing safety, we built a “Building Collapse Monitoring Centre” to grade the rubble."

      Funny you mention that. I recall a story from China where one of those mega-tower towns they had been building had concrete that was disintegrating into sand. Nobody lived in this city and it was likely built as a jobs program so the contractors were skimping on everything. When they get a stiff enough breeze, it shouldn't be too hard to fish out the steel/copper of the collapse pile.

  2. JimmyPage Silver badge

    Yeah, whatever ....

    Sorry, this is what happens when you decide your shareholders and dividends are more important than your core business.

    "But our core business is retail"

    No, my dim COE friend. Your core business is IT. You just happen to have the terminals in shops.

    "But our business is banking"

    No, my dim COE friend. Your core business is IT. You just happen to have the terminals in shops.

    &c &c

    Many years ago, a very intelligent friend commented that it was stupid to allow a lot of experience and talent to slosh around underemployed in the economy as the damage they could do was far greater than the damage the same number of YTS* placements could do. This was when floppy borne viruses were around.

    *Youth Training Scheme. An early source of cheap unskilled labour.

    1. ecofeco Silver badge

      Re: Yeah, whatever ....

      Oh, we just call them interns now. :)

    2. Anonymous Coward

      Re: Yeah, whatever ....

      With no electricity, I have no business, but I'm still not calling the core business of my IT company "electricity".

      However I appreciate the point you're aiming for here, which is that IT is viewed as just another cost center by a lot of companies. This tends to mean it's slashed to the point where... well, where they get to be included in this article I suppose.

      1. elsergiovolador Silver badge

        Re: Yeah, whatever ....

        Electricity is a utility - passive, commoditised, uniform. IT is bespoke, active, and strategic. Confusing the two is like saying your brain isn't core because your blood keeps it alive. One sustains, the other defines.

    3. Jellied Eel Silver badge

      Re: Yeah, whatever ....

      Sorry, this is what happens when you decide your shareholders and dividends are more important than your core business.

      "But our core business is retail"

      Or flogging 'security' software, operating systems and services?

      Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million).

      With the ClownStrike fiasco costing a whole lot more. Their customers maybe did all the right things to secure their own businesses, but were at the mercy of their vendor. Which I guess is where CMC could be of some use, ie effective blame management. Especially given HMG input and insurers. Establish liability and make it easier to recover consequential losses, if the vendor was found to have been at fault. Vendors might not like that idea, but some have become $tn tech titans on the back of flocking VaaS (Vulnerabilities as a Service).

  3. Anonymous Coward

    Aaaaand...

    So you'll be investing how much more in your cyber security 10%? 5%? 0%?

    Oh you're actually planning cuts.

    No shock really

    1. pc-fluesterer.info

      Re: Aaaaand...

      It is not about pumping more money into the same pipes.

      It is about migration to systems inherently resilient.

      In other words: FOSS.

      Yes, I assume that they already adhere to best practice. Otherwise that would be the starting point.

  4. Anonymous Coward

    You did know surely?

    Cyber attacks should not be a surprise. The world is being shaken; Ukraine, China, Iran etc. They all have cyber capability. The WEF even "predicted" it and held one of their preparedness events. Just like before the pandemic. Amazing how they know to do that ...

    1. Anonymous Coward

      Re: You did know surely?

      You're right that attacks shouldn't be a surprise, but it's nothing to do with Ukraine et al. I've worked in IT and infosec for nearly 30yr, there is ALWAYS a war, an issue, a protest, a hacking group, something that makes for an elevated threat. Always. There is nothing new other than the technical details on how they exploit.

      What is also not new is a lack of investment in basic IT, patching, maintenance, secure development, security resources etc.

      No one wants to invest in IT or infosec as it's seen as a cost on the business, attacks are just another risk and board finds losses due to attacks more acceptable than costs associated with IT / security.

      So that's why you shouldn't be surprised.
